Be careful about editing the configuration

Since Exim (version 3) rereads its configuration on every delivery attempt, it is inadvisable to edit a live configuration file. If you're using Debian and 4.x, the config it uses isn't the one you edit (it gets generated on init-script-reload), so you're OK.

Finally, you will need to modify your alias resolution to use LDAP. This is based on my LDAP configuration, which consists of an Organisational Unit (OU) of Aliases, each container having an attribute rfc822MailMember, containing the real mailbox. An example:

Now, this assumes that your system is like mine, where each user is a real account, and getpwnam() and the like will return usernames out of LDAP via PAM. If this is the case, the above configuration should be all you need. If you are running a "black box" MailServer, then some other kind soul may like to add the required configuration below.

If you have a different LDAPSchema to the one mentioned above, either because your system installed a different set of Schema for the equivalent entries, or you are running a custom Schema that handles multiple virtual domain hosting without unix accounts, then just modify your LDAP lookups appropriately. As a hint:

LMTP callbacks

Another thing you can do with Exim and Cyrus-IMAP integration is described on the Cyrus IMAP page of the Exim Wiki. It allows Cyrus to check the existence of mailboxes before replying to "RCPT TO:" or "MAIL FROM:", so Exim does not have to send back bounces in reply to "dictionary recipient" spam.

Useful Exim4 Mail Proxy tweaks.

If you have Exim4 configured as a mail proxy in front of, say, MS Exchange, or another Active Directory based email server, you may find the following useful to either limit spam, or transition from a "catchall" domain setup. Note that these two configurations are mutually exclusive.

This first config fragment provides the ability to reject nonexistent email addresses at SMTP time.

This first stanza belongs in the main configuration, and simply defines the LDAP lookup macro.
You will need to create the "MTA Auth" user in AD. Copy Guest and enable it.
Don't forget to set the IP address of the AD server correctly.

Note that port 3268 is used. AD geeks will recognise this as the Global Catalog port, and means you are asking the AD Forest, rather than just a particular server. If you don't want this, or your server isn't a GC server, just use port 389.
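An added example of the two pieces described above, the lookup macro and the RCPT-time check that uses it. This is not the configuration originally posted on this page. The server address 192.0.2.10, the base DN, the bind DN container, the password placeholder and the use of Debian's +relay_to_domains list are all assumptions to replace with your own values.

```exim
# --- main configuration (example values, not from the original page) ---
# Bind as the low-privilege "MTA Auth" account and search the Global
# Catalog (port 3268) for an object that owns the recipient address.
# ${quote_ldap:...} escapes filter metacharacters such as * ( ) \ so a
# crafted local part in RCPT TO cannot widen or rewrite the search filter.
# Note: plain ldap:// sends the bind password unencrypted; if the server
# offers it, use ldaps:// (the Global Catalog over SSL listens on 3269).
LDAP_AD_MAIL_RCPT = \
  user="CN=MTA Auth,CN=Users,DC=example,DC=co,DC=nz" \
  pass=REPLACE_WITH_BIND_PASSWORD \
  ldap://192.0.2.10:3268/DC=example,DC=co,DC=nz\
  ?mail?sub?\
  (&(objectClass=user)\
    (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}}))

# --- RCPT ACL, placed before the statement that accepts relayed domains ---
# The lookup yields "no" when AD returns an entry (deny does not fire)
# and "yes" when nothing matches (recipient rejected at SMTP time).
  deny
    message   = Unknown user
    domains   = +relay_to_domains
    condition = ${lookup ldap{LDAP_AD_MAIL_RCPT}{no}{yes}}
```

Because the macro holds a bind password, keep the file that defines it readable only by root and the Exim user.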

The second fragment provides a "catchall" function for a domain. If an email address is not defined within a site, mail will be accepted and routed to the provided address (catchall@example.co.nz in this case). Please do not use this except as a transitory measure, as catchalls are inherently bad IMHO.

As nice as this solution is, it doesn't (in the above example) cater for Public Folders which are mail enabled. Greig informs me that you can modify the LDAP bind to do this, however. One way to do this is below:

One issue I found was that I wasn't able to query the whole forest using port 389. I needed to use port 3268 (GC). If you're having problems, there's a high chance you haven't got the DN correct. Use adsiedit to check (found in the Windows Support Tools). More information can be found at http://www.exim.org/eximwiki/MsExchangeAddressVerification.

There is a macro defined for the file_transport router, but it's unset by default. To allow this behaviour, add this macro to either your /etc/exim4/conf.d/main/02_exim4-config_options.rul, or a local macros file, such as /etc/exim4/conf.d/main/000_local_macros:

587 is harder, because the rules are "either SMTP AUTH or SSL". An Exim SSL/TLS recipe was posted to the list, which suggests (updated, and with client certs removed - you really want to only use SMTP AUTH):

Redirecting all mail to a single mailbox

I wanted to set up an SMTP server for testing that would accept all mail and send it to a single mailbox so that we didn't accidentally send mail to anyone.

This example uses Debian's split config.
Add a new router in /etc/exim4/conf.d/router. Because these files are processed in alphabetical order, add it at the top. 09_exim4-config-redirect_all is a good choice.
